Three health systems. One AI vendor. Thousands of patients recorded without consent. Not one organization can produce verifiable proof of what their AI actually did.
This page is a counterfactual audit artifact, generated by the GoVTraceAI runtime engine against the scenario class now driving class-action litigation. Cryptographically signed. Independently verifiable.
Class action alleges ambient AI recorded a July 2025 patient visit without consent. EHR notes reportedly contained boilerplate language stating the patient had been "advised" and "consented." Per the complaint, no such consent occurred.
Proposed nationwide class covering patients over the prior two years. Alleges clinicians "intercepted, recorded, and processed" audio without informed consent. Same ambient documentation category as the Sharp matter.
Florida F.S. §934.03 makes unconsented recording a third-degree felony, up to five years. A single ambient scribe workflow can be compliant in one state and criminal in another.
Not a chart note. Not a checkbox. A cryptographically signed event with timestamp, clinician ID, policy version, and patient ID. Produced at runtime, independently verifiable years later.
All-party consent in CA, FL, and 11 other states. Standard HIPAA elsewhere. The same ambient workflow deployed nationwide cannot self-attest which policy governed which visit on which date.
EHR notes can be edited. Vendor logs are controlled by the vendor. Neither produces admissible evidence when the consent workflow itself is the defendant.
Generated at runtime by the GoVTraceAI engine against a reconstructed scenario matching the cited complaints. Ed25519 signed. Hash-chained. Verifiable below.
{ "docr_id": "docr_2d7f8a1c4b9e6f03", "issued_at": "2025-07-14T10:42:03.812Z", "policy_version": "hipaa-cipa-v3.1.0", "jurisdiction": "US-CA", "decision": { "verdict": "POLICY_VIOLATION", "reason": "AMBIENT_AUDIO_CAPTURE_WITHOUT_CONSENT_ARTIFACT", "enforced": "BLOCK" }, "context": { "event_type": "ambient_scribe.session_start", "encounter_id": "enc_7f12ab90", "clinician_id": "clin_b84cde21", "patient_id_hash": "sha256:c8a2…7d1f", "vendor": "ambient_documentation_platform", "data_destination": "vendor_cloud_us-west-2" }, "policy_checks": [ { "id": "CIPA-632.7", "status": "FAIL", "note": "No signed consent artifact within 120s window." }, { "id": "CMIA-56.101", "status": "FAIL", "note": "Audio transmission to third party without authorization." }, { "id": "HIPAA-164.508", "status": "FAIL", "note": "No valid authorization for disclosure to BA." }, { "id": "AB-3030-DISCLOSE", "status": "PASS", "note": "Disclaimer template present downstream." } ], "provenance": { "model_version": "scribe-ambient-4.2.1", "prompt_hash": "sha256:1a3c…9e22", "input_hash": "sha256:7b5d…02af", "prior_docr": "docr_6e11ff02aa3d91bc" }, "signature": { "alg": "Ed25519", "kid": "govtrace-issuer-prod-04", "sig": "MEUCIQD9k8…Qm1Rf3Lq7vN2pJ==", "chain_root": "sha256:4f0a…bd83" } }
This is the same POST /audit/verify endpoint any compliance officer, regulator, or opposing counsel can call to confirm a receipt was issued by GoVTraceAI and has not been tampered with.
Classify and block data movement. Cannot represent a consent event or sign a runtime decision record.
Point-in-time posture attestation. No runtime decision layer, no per-event evidence.
Observability dashboards and model risk scores. Not cryptographic. Not signed. Not admissible.
Record what clinicians did in the system. Do not govern what third-party AI did before data entered the chart.
A runtime decision engine that evaluates every AI action against policy and issues a signed, verifiable Duty-of-Care Record before data leaves your systems. Built by gobots.ai.
Bring your ambient scribe workflow. Your patient-messaging copilot. Your inbox AI. Your prior-auth model. 20 minutes, live, on your scenario. You'll see the DoCR your compliance team should already have.
